Skip to content

Commit

Permalink
fix: Convert folding recursive verifier ops to batch mul (AztecProtoc…
Browse files Browse the repository at this point in the history
…ol#4517)

Updates folding recursive verifier to use batch_mul for optimal goblin
ec op efficiency. This reduces a single recursive verification from 1144
ECC ops to 264. (Note: 264 = 6*44 where 6 is the number of ecc op gate
rows needed for two scalar muls (one for each instance) plus an "equals"
op and 44 is the number of witnesses plus precomputed polys, not
including shifts)

Closes AztecProtocol/barretenberg#849

New benchmark result:
```
-----------------------------------------------------------------
Benchmark                       Time             CPU   Iterations
-----------------------------------------------------------------
IvcBench/Full/6             54156 ms        51691 ms            1
```
Old benchmark result:
```
-----------------------------------------------------------------
Benchmark                       Time             CPU   Iterations
-----------------------------------------------------------------
IvcBench/Full/6             66891 ms        63569 ms            1
```
  • Loading branch information
ledwards2225 authored Feb 8, 2024
1 parent 1501afd commit 3750b26
Showing 1 changed file with 14 additions and 13 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -188,8 +188,6 @@ template <class VerifierInstances>
void ProtoGalaxyRecursiveVerifier_<VerifierInstances>::verify_folding_proof(const HonkProof& proof)
{
using Transcript = typename Flavor::Transcript;
using ElementNative = typename Flavor::Curve::ElementNative;
using AffineElementNative = typename Flavor::Curve::AffineElementNative;
using ScalarNative = typename Flavor::Curve::ScalarFieldNative;

transcript = std::make_shared<Transcript>(builder, proof);
Expand Down Expand Up @@ -244,18 +242,19 @@ void ProtoGalaxyRecursiveVerifier_<VerifierInstances>::verify_folding_proof(cons
WitnessCommitments acc_witness_commitments;
auto witness_labels = commitment_labels.get_witness();
size_t comm_idx = 0;
auto random_generator = Commitment::from_witness(builder, AffineElementNative(ElementNative::random_element()));
for (auto& expected_comm : acc_witness_commitments.get_all()) {
expected_comm = random_generator;
std::vector<FF> scalars;
std::vector<Commitment> commitments;
size_t inst = 0;
for (auto& instance : instances) {
expected_comm = expected_comm + instance->witness_commitments.get_all()[comm_idx] * lagranges[inst];
scalars.emplace_back(lagranges[inst]);
commitments.emplace_back(instance->witness_commitments.get_all()[comm_idx]);
inst++;
}
expected_comm = Commitment::batch_mul(commitments, scalars);
auto comm = transcript->template receive_from_prover<Commitment>("next_" + witness_labels[comm_idx]);
auto res = expected_comm - comm;
random_generator.x.assert_equal(res.x);
random_generator.y.assert_equal(res.y);
comm.x.assert_equal(expected_comm.x);
comm.y.assert_equal(expected_comm.y);
comm_idx++;
}

Expand Down Expand Up @@ -321,15 +320,17 @@ void ProtoGalaxyRecursiveVerifier_<VerifierInstances>::verify_folding_proof(cons
size_t vk_idx = 0;
for (auto& expected_vk : acc_vk->get_all()) {
size_t inst = 0;
expected_vk = random_generator;
std::vector<FF> scalars;
std::vector<Commitment> commitments;
for (auto& instance : instances) {
expected_vk = expected_vk + instance->verification_key->get_all()[vk_idx] * lagranges[inst];
scalars.emplace_back(lagranges[inst]);
commitments.emplace_back(instance->verification_key->get_all()[vk_idx]);
inst++;
}
expected_vk = Commitment::batch_mul(commitments, scalars);
auto vk = transcript->template receive_from_prover<Commitment>("next_" + vk_labels[vk_idx]);
auto res = expected_vk - vk;
random_generator.x.assert_equal(res.x);
random_generator.y.assert_equal(res.y);
vk.x.assert_equal(expected_vk.x);
vk.y.assert_equal(expected_vk.y);
vk_idx++;
}
}
Expand Down

0 comments on commit 3750b26

Please sign in to comment.